Symantec Security Expressions Server Server User Manual


 
81
View Audit Results
Browse Audit Results
This page shows audit results in the form of reports. It features results from almost all kinds of
auditing methods, including:
Audit-on-Schedule
Audit-on-Connect
self-service audits based on multiple policy files and Audit-on-Connect scopes
audits performed on any consoles connected to the same database as the server
application
SecurityExpressions Audit & Compliance Server dynamically generates reports based on pre-
configured report profiles. Clicking a hyperlink drills down to a new page with a report showing
all of the policy files and the individual policy file posture result used during the audit of the
device. Additionally you can drill down by policy file to the audit detail for that audit. When
browsing audit data, you may view it but cannot modify it.
When you first browse Audit-On-Schedule activity, a table appears with Audit-On-Schedule pre-
configured reports and any previously created user-defined reports. SecurityExpressions Audit &
Compliance Server provides one Audit-On-Schedule pre-configured report, which is a status
report over 30 days, plus one additional standard report called Scheduled Audits Log.
Once you have created a report profile, you can drill down into the details of the report. Click
Show to begin to see the which device was audited, by whom, the policy file used for the audit,
and the results. Clicking Details from this Audit List displays the audit report with greater details.
For example, you can see the status and priority for each rule.
Only the machine lists, policies, scheduled tasks, and scopes (when viewing Audit-on-Connect
results) to which you have Use access rights appear for selection. Access rights are set in the
Windows Group Access options on the My Machine Lists page, ML Access page, Policies page,
Scheduled Tasks page, and Scopes page. If you can't find a machine list, policy, scheduled task,
or scope you need to use, ask the item's creator or administrator to add you to one of the
Windows User Groups with Use access rights to it.
Furthermore, reports only display audit results involving scopes to which you have View access
rights, policies to which you have Result access rights, and machine list members audited using
machine lists to which you have Result access rights.
Adding a New Audit Results Report Profile
Creating a new report profile defines a report filter and what appears in each report.
1. Click the New button to display report-profile options.
2. Type a Report Name and a short report Description.
3. Select a report type and then define filters that cause only certain audit results that meet
your criteria to display in the report.
The filter options available depend on the report type you select.